Write Integration Tests for Admin Portal and Unit Assignment

epic-organizational-hierarchy-management-admin-portal-task-019 — Implement end-to-end and widget tests for the HierarchyAdminPortalScreen and UnitAssignmentPanel. Cover: add/remove/move hierarchy nodes with validation, search and filter tree, unit assignment add/remove/primary-toggle, error state handling for validation failures, and admin role guard enforcement. Verify that hierarchy mutations correctly propagate to access scope computation.

high priority medium complexity testing pending testing specialist Tier 7

Acceptance Criteria

Widget test: adding a new hierarchy node via the admin portal form persists the node and renders it in the tree view

Widget test: removing a node that has child nodes shows a validation error and does not delete the node

Widget test: moving a node to a new parent updates the tree rendering to reflect the new position

Integration test: search input filters the displayed tree nodes in real time and returns to full tree when input is cleared

Widget test: assigning a unit to a user via UnitAssignmentPanel calls the assignment repository with correct user ID and unit ID

Widget test: removing an assignment removes the unit from the user's assignment list in the UI

Widget test: toggling a unit as primary updates the primary flag and visually distinguishes the primary unit in the list

Widget test: submitting the assignment panel with invalid input (e.g., duplicate assignment) displays a human-readable error message

Integration test: a user without admin role attempting to access HierarchyAdminPortalScreen is redirected to a no-access screen

Integration test: after adding a unit assignment for a peer mentor, AccessScopeService reflects the new unit in the peer mentor's scope within one state refresh cycle

All tests are deterministic and do not rely on test execution order

Technical Requirements

frameworks

Flutter

flutter_test

integration_test

BLoC or Riverpod

WidgetTester

apis

Supabase REST API (mocked for widget tests)

AccessScopeService

data models

OrganizationalUnit

HierarchyNode

UnitAssignment

UserRole

AccessScope

performance requirements

Tree view renders up to 200 visible nodes without jank (60 fps maintained)

Search filter debounce is 300ms — tests should account for this delay

security requirements

Admin role guard test must attempt access with a non-admin JWT and assert redirect

Unit assignment operations must be tested to confirm they cannot assign units outside the admin's own scope

ui components

HierarchyAdminPortalScreen

UnitAssignmentPanel

HierarchyTreeView

NodeActionMenu

AssignmentListTile

Execution Context

Execution Tier

Tier 7

Tier 7 - 84 tasks

Can start after Tier 6 completes

View Full Execution Plan

Implementation Notes

The hierarchy tree view is likely a recursive or virtualized widget — ensure tests pump with realistic data (at least 20 nodes across 3 levels) to catch rendering edge cases. For the 'move node' test, capture the node's initial parent ID, perform the move, and assert the new parent ID in the state — don't rely solely on visual rendering. The role guard test is best implemented as a golden-path negative test: pump the screen, assert that it never reaches the admin content, and assert the no-access widget is visible. For scope propagation, you may need a fake/spy implementation of AccessScopeService that records calls and returns controlled values — avoid relying on timing or real async gaps.

Document the test data setup (what hierarchy structure and user assignments are pre-seeded) in a `setUp` block comment so future maintainers can reproduce failures without digging through state.

Testing Requirements

Combine widget tests (flutter_test + WidgetTester) for UI interaction coverage and integration tests (integration_test package) for end-to-end role guard and scope propagation flows. Mock Supabase at the repository layer for widget tests to keep them fast. For the role guard test, use a test helper that injects a non-admin auth token into the BLoC/Riverpod state before pumping the screen. Use `pumpAndSettle` after any tree mutation to allow animations to complete before asserting.

For the scope propagation test, listen to the AccessScopeService stream after the unit assignment and assert the new unit appears within 2 state emissions. Group tests by feature area (tree management, search, unit assignment, role guard, scope propagation) and run each group independently.

Component

Unit Assignment Panel

ui medium

Dependencies (2)

Implement the embedded admin UI widget showing a user's current unit assignments. Display assignment list with unit name, type, and primary badge. Provide add assignment button (opens unit picker), remove assignment action with confirmation, and primary toggle (radio button pattern). Widget must be embeddable in user detail screens and admin portal. Integrate with UnitAssignmentService for all mutations. epic-organizational-hierarchy-management-admin-portal-task-013 Build the top-level HierarchyAdminPortalScreen combining all hierarchy management UI elements. Integrate the HierarchyTreeView as main content, add node controls (add root/child node buttons), implement search bar with real-time tree filtering, display member count badges per node, and provide contextual action menu (edit, delete, move) on node long-press or tap. Requires admin role guard. Enable non-technical org administrators to self-serve all structural changes. epic-organizational-hierarchy-management-admin-portal-task-016

Epic Risks (3)

high impact medium prob security

If the AccessScopeService and the Supabase RLS policies use different logic to determine accessible units, a coordinator could see data in the client that RLS blocks server-side, causing confusing empty states, or worse, RLS could block data the scope service declares accessible.

Mitigation & Contingency

Mitigation: Define the canonical scope computation in a single Supabase Postgres function shared by both the RLS policies and the RPC endpoint called by AccessScopeService. The client-side service calls this RPC rather than reimplementing the logic, ensuring a single source of truth.

Contingency: Add integration tests that execute the same access decision through both the RLS policy path and the AccessScopeService path and assert identical results. Use these as regression guards in the CI pipeline.

medium impact medium prob integration

When a user switches active chapter via the ChapterSwitcher, widgets that are already built may not receive the context-change event if they subscribe incorrectly to the ActiveChapterState BLoC, leading to stale data being displayed under the new chapter context.

Mitigation & Contingency

Mitigation: Use Riverpod's ref.watch on the active chapter provider at the root of each scoped data subtree rather than at individual leaf widgets. Trigger a global data refresh by invalidating all scoped providers when the chapter changes.

Contingency: Add an app-level chapter-change listener that forces a full navigation stack reset to the home screen on chapter switch, guaranteeing all widgets rebuild from scratch with the new context. Accept the UX cost of navigation reset for correctness.

medium impact medium prob scope

Non-technical organization administrators may find the hierarchy management interface too complex for the structural changes they need to make frequently (e.g., chapter renaming, coordinator reassignment), leading to low adoption and continued reliance on manual processes.

Mitigation & Contingency

Mitigation: Conduct usability testing with at least one NHF administrator before finalizing the admin portal screen layout. Prioritize the most common operations (rename, reparent, add child) as primary actions in the UI. Include inline help text and confirmation dialogs with plain-language descriptions of consequences.

Contingency: Provide a simplified 'quick edit' mode that exposes only the three most common operations (rename, deactivate, add child) and hides advanced structural operations behind an 'Advanced' toggle.

Quick Links

All Tasks Execution Plan